SecureWorld 2013: Metro Atlanta ISSA Monthly Chapter Meeting - May 30, 2013
Thursday, May 30, 2013 from 10:15 AM to 11:15 AM (EDT)
The Three Pillar Application Security Model: A Domain approach in Application Security for Web, Web Services, and Mobile – to help organizations effectively secure their applications from online risks.
Synopsis: Social media, big data, cloud and mobility are changing the way enterprises conduct business today. So much sensitive information is easily propagated and made available in real time across multiple platforms, devices, and data centers. While this is the new norm, and facilitates speed, convenience, and efficiency, it also presents a whole new set of security challenges. Companies are pushing sensitive data, information, and applications to the cloud and online. Hackers are looking to exploit that one vulnerability to poke the application, the back end, . . . the database to retrieve the most guarded company information and financial assets.
As the adage goes . . . “Prevention is better than cure”. Once hackers have gained entry to the information and data, it only becomes a question of figuring out what caused the breach and how to minimize the impact. So, it is imperative for organizations to take the necessary measures to protect their applications and IT infrastructure.
Application Security must be a continuous, proactive process. Every organization must ensure it is protecting the three important domains that application security impacts.
- Pre-production / QA / Testing environment . . . the traditional point where security assessments are conducted before applications are rolled into production. This area involves both static and dynamic testing.
- Production environment . . . this is where the most sensitive data resides, and as the application is rolled into production, it is subject to a continuous volley of new threats and a fast-moving risk vector. Data center, service provider, and cloud environments are good examples of where new vulnerabilities can be a serious threat to application security. This environment must be protected from costly breaches. This is where WAFs and tight access management policy controls come into play.
- Supply Chain and Partner Networks . . . Practically all organizations have various partners connecting into their web services and applications. One vulnerability in a partner web application or web service is all it takes to propagate into the vendor network and cause a new level of breach. This makes it an important domain for enterprises to safeguard.
Refreshments will be provided.
Metro Atlanta Information Systems Security Association
A non-profit group dedicated to providing educational and networking opportunities to promote the exchange of ideas, knowledge and members' growth within the information security profession.